2 matches found
CVE-2026-27960
OpenCTI suffers a privilege escalation in versions 6.6.0–6.9.12 that allows unauthenticated attackers to query the API as any existing user, including the default admin account. The issue has been fixed in version 6.9.13. As a temporary mitigation, the default admin can be disabled via APP__ADMIN...
OpenCTI 授权问题漏洞
OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions 6.6.0 to 6.9.12 of OpenCTI have vulnerabilities related to authorization. Attackers can exploit these vulnerabilities to access the API as any existing user, including the default administrator account...